The trouble is nginx does a fair amount of work before blocking the IP address, unless things have changed. My recollection is it parses the whole request. Obviously it doesn't send any data. So you are better off blocking with the firewall.
You do need to know your audience. Something related to a university could generate a number of simultaneous users behind one IP. In my case Boeing triggered the limit.

Original Message
From: [email protected]
Sent: August 1, 2017 9:08 PM
To: [email protected]
Reply-to: [email protected]
Subject: Re: nginx limit_req and limit_conn not working to prevent DoS attack

Yes. Firewall would be another option. But before that, I would like to try out all options at the nginx level, to see if one or the other would resolve the issue at the nginx layer itself.

Can't we put accept() filters? Or how does the deny option work? Can we use the deny option to not accept any new connections if the number of connections already exceeds the max limit from a client IP? Are there any third-party modules available for nginx to embed firewall functionality? Something reliable!!

My objective is: using the limit_conn directive, when the number of connections exceeds the limit, instead of sending 503 or 444, just do not accept any new connections from that specific IP only (if a client is opening 10000 connections at a time, it should be fine to not accept connections from that IP, citing the reason that it could be malicious).

Thoughts!!

Thanks.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275796,275801#msg-275801
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
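One way to act on both points in the thread (nginx still parses every request it rejects, so the real block belongs in the firewall, and shared NAT addresses must not be swept up), as an added Python example that is not part of the list discussion: it reads constructed nginx access log lines, finds the peak per-second request rate per client IP, exempts a hypothetical allowlist of known gateways, and renders iptables DROP rules without executing them.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in nginx "combined" log format (not taken from the thread).
# 203.0.113.7 floods the server: nginx already answers 503 under limit_conn/limit_req,
# but it still parsed each request first, which is the cost the reply above describes.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2017:21:08:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.52.1"
203.0.113.7 - - [01/Aug/2017:21:08:01 +0000] "GET / HTTP/1.1" 503 197 "-" "curl/7.52.1"
203.0.113.7 - - [01/Aug/2017:21:08:01 +0000] "GET / HTTP/1.1" 503 197 "-" "curl/7.52.1"
203.0.113.7 - - [01/Aug/2017:21:08:01 +0000] "GET / HTTP/1.1" 503 197 "-" "curl/7.52.1"
203.0.113.7 - - [01/Aug/2017:21:08:01 +0000] "GET / HTTP/1.1" 503 197 "-" "curl/7.52.1"
198.51.100.20 - - [01/Aug/2017:21:08:02 +0000] "GET /a HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Aug/2017:21:08:02 +0000] "GET /b HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Aug/2017:21:08:02 +0000] "GET /c HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Aug/2017:21:08:02 +0000] "GET /d HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Aug/2017:21:08:02 +0000] "GET /e HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Aug/2017:21:08:03 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
"""

# Hypothetical allowlist: a campus or corporate NAT gateway whose many users share one address.
KNOWN_NAT_GATEWAYS = {"198.51.100.20"}

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} ')

def peak_requests_per_second(log_text):
    """Return {ip: most requests seen in any one second}; rejected (503) requests count too."""
    per_second = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        per_second[(m.group(1), ts)] += 1
    peaks = {}
    for (ip, _), n in per_second.items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return peaks

def ips_to_block(log_text, max_per_second, allowlist=frozenset()):
    """IPs whose peak rate exceeds the limit, minus known shared gateways (know your audience)."""
    return sorted(ip for ip, peak in peak_requests_per_second(log_text).items()
                  if peak > max_per_second and ip not in allowlist)

def firewall_commands(ips):
    """Render, without running, iptables DROP rules so the kernel refuses the connection
    before nginx reads any of the request."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]
```

Calling `firewall_commands(ips_to_block(SAMPLE_LOG, 4, KNOWN_NAT_GATEWAYS))` yields a single rule for 203.0.113.7; the gateway sharing one address for five users is left alone.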
